[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 17 09:10:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5f5a658f by security tracker role at 2020-07-17T08:10:19+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-15805
+ RESERVED
+CVE-2020-15804
+ RESERVED
+CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
+ TODO: check
+CVE-2020-15802
+ RESERVED
+CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
+ TODO: check
CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
- libredwg <itp> (bug #595191)
CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
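Review bot: CVE-2020-15803 and CVE-2020-15801 at the top of this hunk are added with only "TODO: check", so neither has a package line or a NOT-FOR-US marker yet. The descriptions already name the software (Zabbix; Python 3.8.4 with a python38._pth file), which is enough to triage them: add the source-package line for each, and for CVE-2020-15801 first check whether the python38._pth mechanism named in the description exists in Debian's builds at all.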
@@ -354,6 +364,7 @@ CVE-2020-15647
RESERVED
CVE-2020-15646
RESERVED
+ {DSA-4718-1 DLA-2247-1}
- thunderbird 1:68.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
CVE-2020-15645
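Review bot: The added "{DSA-4718-1 DLA-2247-1}" line under CVE-2020-15646 attaches DLA-2247-1 to a thunderbird 1:68.10.0-1 entry, while later hunks in this same commit strip DLA-2247-1 from the 68.9.0 entries (CVE-2020-12410 and others). Confirm that DLA-2247-1 really corresponds to the 68.10.0 update; the commit changes only data/CVE/list, so the advisory-side change that justifies the move is not visible here.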
@@ -8274,7 +8285,7 @@ CVE-2020-12422 (In non-standard configurations, a JPEG image created by JavaScri
- firefox 78.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
CVE-2020-12421 (When performing add-on updates, certificate chains terminating in non- ...)
- {DSA-4718-1 DSA-4713-1}
+ {DSA-4718-1 DSA-4713-1 DLA-2247-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
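Review bot: After this change CVE-2020-12421 lists two DSAs but a single DLA, although the entry covers firefox, firefox-esr and thunderbird; the 68.9.0 entries further down (for example CVE-2020-12410) keep DLA-2243-1 next to their two DSAs. Check whether a second DLA cross-reference is still missing here; the same question applies to the identical edits for CVE-2020-12420, CVE-2020-12419, CVE-2020-12418 and CVE-2020-12417 in the next four hunks.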
@@ -8282,7 +8293,7 @@ CVE-2020-12421 (When performing add-on updates, certificate chains terminating i
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
CVE-2020-12420 (When trying to connect to a STUN server, a race condition could have c ...)
- {DSA-4718-1 DSA-4713-1}
+ {DSA-4718-1 DSA-4713-1 DLA-2247-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8290,7 +8301,7 @@ CVE-2020-12420 (When trying to connect to a STUN server, a race condition could
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
CVE-2020-12419 (When processing callbacks that occurred during window flushing in the ...)
- {DSA-4718-1 DSA-4713-1}
+ {DSA-4718-1 DSA-4713-1 DLA-2247-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8298,7 +8309,7 @@ CVE-2020-12419 (When processing callbacks that occurred during window flushing i
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
CVE-2020-12418 (Manipulating individual parts of a URL object could have caused an out ...)
- {DSA-4718-1 DSA-4713-1}
+ {DSA-4718-1 DSA-4713-1 DLA-2247-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8306,7 +8317,7 @@ CVE-2020-12418 (Manipulating individual parts of a URL object could have caused
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an object may ...)
- {DSA-4718-1 DSA-4713-1}
+ {DSA-4718-1 DSA-4713-1 DLA-2247-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
- thunderbird 1:68.10.0-1
@@ -8331,7 +8342,7 @@ CVE-2020-12411 (Mozilla developers reported memory safety bugs present in Firefo
- firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
CVE-2020-12410 (Mozilla developers reported memory safety bugs present in Firefox 76 a ...)
- {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -8348,7 +8359,7 @@ CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using WebRender,
- firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check during ...)
- {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -8356,7 +8367,7 @@ CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check d
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWorkerSe ...)
- {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- thunderbird 1:68.9.0-1
@@ -8378,7 +8389,7 @@ CVE-2020-12401
CVE-2020-12400
RESERVED
CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
- {DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
+ {DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
@@ -8389,7 +8400,7 @@ CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures,
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...)
- {DSA-4702-1 DLA-2247-1}
+ {DSA-4702-1}
- thunderbird 1:68.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
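Review bot: Dropping DLA-2247-1 from CVE-2020-12398 leaves "{DSA-4702-1}" as the only cross-reference, so this thunderbird-only entry no longer records any LTS advisory. The other removals in this commit (CVE-2020-12410, CVE-2020-12406, CVE-2020-12405, CVE-2020-12399) at least keep DLA-2243-1; here, confirm that losing the LTS reference is intended and, if the fix reached LTS through a later thunderbird upload, record that in the entry.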
@@ -9328,24 +9339,24 @@ CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all
NOT-FOR-US: GE Grid Solutions Reason RT Clocks
CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
NOT-FOR-US: Baxter
-CVE-2020-12015
- RESERVED
+CVE-2020-12015 (A specially crafted communication packet sent to the affected systems ...)
+ TODO: check
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12013
- RESERVED
+CVE-2020-12013 (A specially crafted WCF client that interfaces to the may allow the ex ...)
+ TODO: check
CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
NOT-FOR-US: Baxter
CVE-2020-12011 (A specially crafted communication packet sent to the affected systems ...)
TODO: check
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12009
- RESERVED
+CVE-2020-12009 (A specially crafted communication packet sent to the affected device c ...)
+ TODO: check
CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
NOT-FOR-US: Baxter
-CVE-2020-12007
- RESERVED
+CVE-2020-12007 (A specially crafted communication packet sent to the affected devices ...)
+ TODO: check
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
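Review bot: CVE-2020-12015, CVE-2020-12013, CVE-2020-12009 and CVE-2020-12007 move from RESERVED to "TODO: check" in a block where every triaged neighbour is NOT-FOR-US (GE Grid Solutions, Baxter, Advantech WebAccess Node), and the imported descriptions do not name a product; the CVE-2020-12013 text even reads "interfaces to the may allow", with the product name missing. Triage these from the original advisory rather than from the description, and handle the already pending CVE-2020-12011, which opens with the same wording, at the same time.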
@@ -9404,18 +9415,18 @@ CVE-2020-11985
RESERVED
CVE-2020-11984
RESERVED
-CVE-2020-11983
- RESERVED
-CVE-2020-11982
- RESERVED
-CVE-2020-11981
- RESERVED
+CVE-2020-11983 (An issue was found in Apache Airflow versions 1.10.10 and below. It wa ...)
+ TODO: check
+CVE-2020-11982 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...)
+ TODO: check
+CVE-2020-11981 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...)
+ TODO: check
CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization ...)
- apache-karaf <itp> (bug #881297)
CVE-2020-11979
RESERVED
-CVE-2020-11978
- RESERVED
+CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...)
+ TODO: check
CVE-2020-11977
RESERVED
CVE-2020-11976
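Review bot: The four Apache Airflow entries added here (CVE-2020-11983, CVE-2020-11982, CVE-2020-11981, CVE-2020-11978) are all left at "TODO: check" with no package line. Triage them as one batch together with CVE-2020-9485 from the last hunk, which names the same product and version range: either a package line in the style of the "apache-karaf <itp>" line under CVE-2020-11980 if a packaging bug for Airflow exists, or NOT-FOR-US if not.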
@@ -16632,8 +16643,8 @@ CVE-2020-9690
RESERVED
CVE-2020-9689
RESERVED
-CVE-2020-9688
- RESERVED
+CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command injection vuln ...)
+ TODO: check
CVE-2020-9687
RESERVED
CVE-2020-9686
@@ -16644,8 +16655,8 @@ CVE-2020-9684
RESERVED
CVE-2020-9683
RESERVED
-CVE-2020-9682
- RESERVED
+CVE-2020-9682 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
+ TODO: check
CVE-2020-9681
RESERVED
CVE-2020-9680
@@ -16662,16 +16673,16 @@ CVE-2020-9675
RESERVED
CVE-2020-9674
RESERVED
-CVE-2020-9673
- RESERVED
-CVE-2020-9672
- RESERVED
-CVE-2020-9671
- RESERVED
-CVE-2020-9670
- RESERVED
-CVE-2020-9669
- RESERVED
+CVE-2020-9673 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...)
+ TODO: check
+CVE-2020-9672 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...)
+ TODO: check
+CVE-2020-9671 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
+ TODO: check
+CVE-2020-9670 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
+ TODO: check
+CVE-2020-9669 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...)
+ TODO: check
CVE-2020-9668
RESERVED
CVE-2020-9667
@@ -16708,16 +16719,16 @@ CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bound
NOT-FOR-US: Adobe
CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
NOT-FOR-US: Adobe
-CVE-2020-9650
- RESERVED
-CVE-2020-9649
- RESERVED
+CVE-2020-9650 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...)
+ TODO: check
+CVE-2020-9649 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds re ...)
+ TODO: check
CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
NOT-FOR-US: Adobe
CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
NOT-FOR-US: Adobe
-CVE-2020-9646
- RESERVED
+CVE-2020-9646 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...)
+ TODO: check
CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...)
NOT-FOR-US: Adobe
CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...)
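Review bot: CVE-2020-9650, CVE-2020-9649 and CVE-2020-9646 (Adobe Media Encoder) are added as "TODO: check" while the surrounding Adobe entries (CVE-2020-9652, CVE-2020-9651, CVE-2020-9648, CVE-2020-9647, CVE-2020-9645) are already "NOT-FOR-US: Adobe". Mark these the same way, along with the Adobe entries from the three preceding hunks (CVE-2020-9688, CVE-2020-9682, CVE-2020-9673 to CVE-2020-9669), so they stop showing up as open triage items.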
@@ -17083,8 +17094,8 @@ CVE-2020-9487
RESERVED
CVE-2020-9486
RESERVED
-CVE-2020-9485
- RESERVED
+CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...)
+ TODO: check
CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...)
{DLA-2279-1 DLA-2217-1 DLA-2209-1}
- tomcat9 9.0.35-1 (bug #961209)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5f5a658fa22a7ae49ef7fc9b6c2a6dff3a757b45